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DETAILED ACTION 

1. Applicant's amendment filed on January 26, 2005 has been entered. 
Claims 1-21 are pending. The examiner in charge has left the office. This case has 
been re-assigned to the present examiner. 

Claim Rejections • 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 1,2, 14 and 15 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Anderson (5751812) in view of Feldman et al (5862225). 

With respect to Claim 1, Anderson meets the limitation of "a 
telecommunication network (OM); a source system (LEI) connected to the 
telecommunication network (OM); a target system (LE2) connected to the 
telecommunication network (OM)" on column 1, lines 7-12; and "storing user identifiers 
and associated passwords in the source system (LEI) and in the target system (LE2)" 
on column 2, lines 2-7. If a hash is computed using the received password at both the 
client and the server, the password is inherently stored in the memory of both systems 
during the operations to enable this computation to be possible. The seed in Fig. 4 
represents the user identifier. Anderson meets further limitation of "logging on into the 
source system (LEI) by entering a user identifier and a password corresponding to it" on 
Fig. 1 and on column 1, lines 38-40; and "identifying the user in the source system 
(LE1); and setting up a remote session to the target system (LE2)" on column 1, lines 
61-67 and on column 2, lines 1-10; and "generating identical indexed encryption keys in 
the source system (LEI) and in the target system (LE2); encrypting the password 
associated with the user identifier in the source system (LEI) using the encryption key 
indicated by a first index, and sending the encrypted data as well as the first index and 
the user identifier to the target system (LE2)" on column 1, lines 61-67 and on column 2, 
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lines 1-5; and "encrypting the password associated with the user identifier in the target 
system (LE2) using an encryption key indicated by the index received" on column 1 , 
lines 64-66. This is because the server already stores an encrypted/hashed version of 
the user's password. Further limitation of "performing a first comparison between the 
received password and the password encrypted in the target system (LE2)" is met on 
column 2, lines 5-7. The hash function represents the encryption keys and has an 
index, i present. Anderson however does not meet the following limitation. 

Feldman et al meets the limitation of "encrypting in the target system 
(LE2) the password received from the source system (LEI) using an encryption key 
indicated by a second index, and sending the encrypted data and the second index to 
the source system (LEI); encrypting the encrypted password initially sent from the 
source system (LEI) to the target system (LE2) again using the encryption key indicated 
by the second index received from the target system (LE2); performing a second 
comparison between the encrypted password received from the target system (LE2) 
and the password encrypted in the source system (LEI) using the encryption keys 
indicated by the first and second indexes" on column 2, lines 28-47; and "approving the 
setup of the remote session if the results of the comparisons are coincident" on column 
2, lines 42-47. 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of Feldman et al within the system of 
Anderson so as to ensure a secure log-in by a user to a network. Re-encrypting the 
hash function is a repetition of the initial encryption of the hash function, which is 
already known in the art as a form of message authentication. 

With respect to Claim 2, Anderson meets the limitation of "characterized in 
that the setup of the remote session is prevented if the results of the first or the second 
comparison are not coincident" on column 2, lines 7-11. 

With respect to Claim 14, its limitation is similar to Claim 1 limitation and 
hence its rejection can be found therein. 
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With respect to Claim 15, Anderson meets the limitation of "characterized 
in that the system comprises means (6) for preventing the setup of a remote session" in 
the abstract. 

4. Claims 3-13, 16-21 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Anderson (5751812) in view of Feldman et al (5862225) in further 
view of Akiyama et al (5784464). 

With respect to Claim 3, Anderson and Feldman et al meets all the 
limitation except for the following limitation. 

Akiyama meets the limitation of "separate identification data is generated" 
on column 2, lines 10-25; and "the identification data is encrypted in the source system 
(LEI) using the encryption key indicated by the first index and the encrypted data is sent 
to the target system (LE2)" on column 4, lines 34-38; and "the identification data 
received from the source system (LEI) is encrypted in the target system (LE2) using the 
encryption key indicated by the second index and the encrypted data as well as the 
second index are sent back to the source system (LEI)" on column 4, lines 20-22; and 
"the identification data encrypted using the encryption key indicated by the first index 
which was initially sent to the target system (LE2) is encrypted again in the source 
system (LEI) using the encryption key indicated by the second index received from the 
target system (LE2)" on column 4, lines 22-27; and "a third comparison is performed 
between the encrypted identification data received from the target system (LE2) and the 
identification data just encrypted in the source system (LEI); and the setup of the remote 
session is approved if the result of the comparison is coincident" on column 4, lines 29- 
34. 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of Akiyama et al within the combination of 
Anderson and Feldman et al because the identification data is necessary for the 
authentication between the user and service provider. 
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With respect to Claim 4, Anderson and Feldman et al meet all the 
limitation except for the following limitation. Akiyama meets the limitation of 
"characterized in that the setup of the remote session is prevented if the result of the 
third comparison is not coincident" on column 4, lines 29-34. 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of Akiyama et al within the combination of 
Anderson and Feldman et al because the identification data is necessary for the 
authentication between the user and service provider. 

With respect to Claim 5, Anderson and Feldman et al meet all the 
limitation except for the following limitation. Akiyama meets the limitation of "the 
identification data is sent simultaneously with the user data; or the identification data is 
sent in separation from the user data" on column 3, lines 6-1 1 and 16-20. 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of Akiyama et al within the combination of 
Anderson and Feldman et al because the identification data is necessary for the 
authentication between the user and service provider. 

With respect to Claim 6, Anderson and Feldman et al meet all the 
limitation except for the following limitation. Akiyama meets the limitation of 
"characterized in that time data and/or data individualizing the source system is added 
to the identification data" on column 1, lines 64-67. 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of Akiyama et al within the combination of 
Anderson and Feldman et al because the identification data is necessary for the 
authentication between the user and service provider. 

With respect to Claim 7, Anderson and Feldman et al meets all the 
limitation except for the following limitation. Akiyama meets the limitation of 
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"characterized in that the encryption keys are generated using a certain predetermined 
algorithm" on column 2, lines 50-56. 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of Akiyama et al within the combination of 
Anderson and Feldman et al because the identification data is necessary for the 
authentication between the user and service provider. 

With respect to Claim 8, Anderson and Feldman et al meet all the 
limitation except for the following limitation. Akiyama meets the limitation of 
"characterized in that the encryption keys are stored on a special encryption key list" on 
column 2, lines 50-56. 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of Akiyama et al within the combination of 
Anderson and Feldman et al because the identification data is necessary for the 
authentication between the user and service provider. 

With respect to Claim 9, Anderson meets the limitation of "characterized in 
that the index is generated on a random basis or on the basis of a predetermined 
algorithm" on column 1, lines 41-50. The index is represented by i. 

With respect to Claim 10, Anderson meets the limitation of "characterized 
in that a one-way encryption algorithm is used f or the encryption of data in the source 
system (LEI ) and in the target system (LE2)" on column 2, lines 2-7. 

With respect to Claim 11, Anderson and Feldman et al meet all the 
limitation except for the following limitation. Akiyama meets the limitation of 
"characterized in that the telecommunication system is a telephone exchange system" 
on column 1 , lines 20-22. 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of Akiyama et al within the combination of 
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Anderson and Feldman et al because the identification data is necessary for the 
authentication between the user and service provider. 

With respect to Claim 12, Anderson and Feldman et al meet all the 
limitation except for the following limitation. Akiyama meets the limitation of 
"characterized in that the source system (LEI) and/or the target system (LE2) are 
telephone exchanges" on column 1, lines 13-22. 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of Akiyama et al within the combination of 
Anderson and Feldman et al because the identification data is necessary for the 
authentication between the user and service provider. 

With respect to Claim 13, Anderson and Feldman et al meet all the 
limitation except for the following limitation. Akiyama meets the limitation of 
"characterized in that the telecommunication network (OM) is an operation and 
maintenance network" on column 1, lines 13-22. This is because an operation and 
maintenance network can be categorized as a digitally distributed data over a network. 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of Akiyama et al within the combination of 
Anderson and Feldman et al because the identification data is necessary for the 
authentication between the user and service provider. 

With respect to Claim 16, Anderson and Feldman et al meet all the 
limitation except for the following limitation. Akiyama meets the limitation of 
"characterized in that the system comprises means (7) for generating identification data 
and adding time data and/or data individualizing the source system to the identification 
data" on column 1 , lines 64-67. 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of Akiyama et al within the combination of 
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Anderson and Feldman et al because the identification data is necessary for the 
authentication between the user and service provider. 

With respect to Claim 17, its limitation is similar to Claim 8 limitation and 
hence its rejection can be found therein. 

With respect to Claim 18, its limitation is similar to Claim 9 limitation and 
hence its rejection can be found therein. 

With respect to Claim 19, its limitation is similar to Claim 11 limitation and 
hence its rejection can be found therein. 

With respect to Claim 20, its limitation is similar to Claim 12 limitation and 
hence its rejection can be found therein. 

With respect to Claim 21, its limitation is similar to Claim 13 limitation and 
hence its rejection can be found therein. 

Response to Argument 

5. Applicant's arguments filed February 23, 2004 have been fully considered 
but they are not persuasive. 

Applicant argues that: 

Applicant respectfully submits that Feldman does not cure the deficiencies 
of Anderson as discussed above with regard to independent claims 1 and 14. There is 
nothing in Anderson of Feldman to suggest that both references may be combined. 

Examiner totally disagrees with the applicant and still maintains that: 
In response to applicant's argument that there is no suggestion to combine 
the references, the examiner recognizes that obviousness can only be established by 
combining or modifying the teachings of the prior art to produce the claimed invention 
where there is some teaching, suggestion, or motivation to do so found either in the 
references themselves or in the knowledge generally available to one of ordinary skill in 
the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988)and In re 
Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). In this case, the combination 
of teachings between Anderson and Feldman is sufficient and met on column 2, lines 
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42-47. Applicant has also agreed that Feldman does teach the missing limitation that 
Anderson is silent on (see applicant's remark on page 6, lines 1-2 and 6-10). 
Furthermore, in response to the above applicant's argument, a recitation of the intended 
use of the claimed invention must result in a structural difference between the claimed 
invention and the prior art in order to patentably distinguish the claimed invention from 
the prior art. If the prior art structure is capable of performing the intended use, then it 
meets the claimed limitations. In a claim drawn to a process of making, the intended 
use must result in a manipulative difference as compared to the prior art. See In re 
Casey, 370 F.2d 576, 152 USPQ 235 (CCPA 1967) and In re Otto, 312 F.2d 937, 939, 
136 USPQ 458, 459 (CCPA 1963). 

The same reason applies to applicant's argument on the combination of 
teachings between Anderson, Feldman, and Akiyama. Anderson, Feldman, and 
Akiyama do not need to disclose anything over and above the invention as claimed in 
order to render it unpatentable or anticipate. A recitation of the intended use of the 
claimed invention must result in a structural difference between the claimed invention 
and the prior art in order to patentably distinguish the claimed invention from the prior 
art. If the prior art structure is capable of performing the intended use, then it meets the 
claimed limitations. 

Conclusion 

6. Applicant's amendment necessitated the new ground(s) of rejection 
presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See 
MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 
37 CFR 1.136(a). 

a. Felt (US 6,128,742) discloses There is disclosed a method of 
authenticating the identity of a first party involved in communicating over a computer 
network system. The method comprises the steps of: providing the first party with a first 
password set; providing a second party with a second password set; transmitting an 
authentication message based on the first password set from the first party to the 
second party; and authenticating the identity of the first party by the second party for 
further communications over the computer network if it is demonstrated, based on an 
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analysis of the authentication message, that the first and second password sets contain 
at least one common password (see abstract). 

A shortened statutory period for reply to this final action is set to expire 
THREE MONTHS from the mailing date of this action. In the event a first reply is filed 
within TWO MONTHS of the mailing date of this final action and the advisory action is 
not mailed until after the end of the THREE-MONTH shortened statutory period, then 
the shortened statutory period will expire on the date the advisory action is mailed, and 
any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date 
of the advisory action. In no event, however, will the statutory period for reply expire 
later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Thanhnga (Tanya) Truong whose telephone number 
is 571-272-3858. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Kim Vu can be reached on 571-272-3859. The fax and phone 
numbers for the organization where this application or proceeding is assigned is 703- 
872-9306. 

Any inquiry of a general nature or relating to the status of this application 
or proceeding should be directed to the receptionist whose telephone number is 571- 
272-2100. 
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